Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
|
|
metze
|
|
metze
|
|
It's a reserved field...
metze
|
|
metze
|
|
metze
|
|
changing them
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
smb1cli_trans*
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 24 21:22:44 CEST 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
We use the slightly confusing 'case sensitive = yes' option for the same behaviour.
This avoids adding even more confusing documentation for the ntvfs-only option.
Andrew Bartlett
|
|
This stub codebase does not justify a merged parameter.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
|
|
smb1cli_trans*
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 24 00:08:58 CEST 2012 on sn-devel-104
|
|
metze
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 22 13:20:20 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
When we revamp the idmap layer, we will end up just following the s3
options, and this option is not used there either.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
This makes it easier to interpret failing output.
Andrew Bartlett
|
|
This compares only the domain SIDs betwen the two servers, rather than
the full token, as well known and other SIDs may be added locally
in both cases.
This also expands the test environments this is run against to verify
this between our AD server and domain members.
Andrew Bartlett
|
|
|
|
|
|
This works around an artificial limitation in socket_wrapper that breaks
some versions of GnuTLS when we return a short write.
Instead, keep pushing until the OS will not take it.
The correct solution will be to use tls_tstream, but the client code
for this is not yet tested and needs the ldap client layer changed
to use it.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 18 11:23:55 CEST 2012 on sn-devel-104
|
|
gensec_update()
This avoids a situation where we could destroy pointers on the stack due to
a nested event loop.
This is certainly not a final, generic solution, but it is a minimal change
while we work to make gensec and gensec_gssapi async.
Andrew Bartlett
|
|
|
|
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.
Andrew Bartlett
|
|
|
|
We should prevent this much further up the stack, but at least add a choke
at this point for now.
Additionally, this avoids administrator-forced replications causing
considerable damange to the directory.
Andrew Bartlett
|
|
We need a stackframe to call lp_load().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Jul 18 09:31:07 CEST 2012 on sn-devel-104
|
|
If we create a copy of the credential state we miss updates to the
credentials.
To establish a netlogon schannel connection we create client credentials
and authenticate with them using
dcerpc_netr_ServerAuthenticate2()
For this we call netlogon_creds_client_authenticator() which increases
the sequence number and steps the credentials. Lets assume the sequence
number is 1002.
After a successful authentication we get the server credentials and we
send bind a auth request with the received creds. This sets up gensec
and the gensec schannel module created a copy of the client creds and
stores it in the schannel auth state. So the creds stored in gensec have
the sequence number 1002.
After that we continue and need the client credentials to call
dcerpc_netr_LogonGetCapabilities()
to verify the connection. So we need to increase the sequence number of
the credentials to 1004 and step the credentials to the next state. The
server always does the same and everything is just fine here.
The connection is established and we want to do another netlogon call.
So we get the creds from gensec and want to do a netlogon call e.g.
dcerpc_netr_SamLogonWithFlags.
We get the needed creds from gensec. The sequence number is 1002 and
we talk to the server. The server is already ahead cause we are already
at sequence number 1004 and the server expects it to be 1006. So the
server gives us ACCESS_DENIED cause we use a copy in gensec.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This is also needed to support AES.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
The RODC stuff doesn't depend on the schannel algorithm.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
When provisioning with --use_rfc2307=yes populate the subtree:
CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it
possible to manipulate the posix attributes via ADUC
(commit message adjusted by abartlet)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul 13 02:51:44 CEST 2012 on sn-devel-104
|
|
|
|
|